Method and apparatus for querying content protected by identity-based encryption

US 9,025,767 B2
Filed: 03/24/2010
Issued: 05/05/2015
Est. Priority Date: 03/24/2010
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving at a first user device a query from a second user device for encrypted data, the query being associated with a first user, the first user being described according to a first set of criteria;

based, at least in part, on the query and one or more second sets of criteria associated with a second user, determining by the first user device whether at least one of the second sets of criteria are matched, at least in part, to the first set of criteria; and

associating by the first user device the query with the matched at least one of the second sets of criteria used as a public key for encrypting the encrypted data according to an identity-based encryption scheme,wherein the first set of criteria and the at least one of the second sets of criteria include one or more digital right management compliant requirements.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An approach is provided for reducing communication traffic/cost and protecting content by applying recipient criteria in identity-based encryption. A criterion application of a querier causes, at least in part, transmission of a query associated with a first user described according to a first set of criteria. Based on the query, the criterion application of the querier receives one or more second sets of criteria associated with respective second users, wherein the second sets of criteria are matched, at least in part, to the first set of criteria, and wherein at least one of the second sets of criteria is used as a public key for encrypting data according to an identity-based encryption scheme. A criterion application of an information store receives the query associated with the first user, and matches one or more second sets of criteria with all or part of the first set of criteria.

18 Citations

View as Search Results

20 Claims

1. A method comprising:
- receiving at a first user device a query from a second user device for encrypted data, the query being associated with a first user, the first user being described according to a first set of criteria;
  
  based, at least in part, on the query and one or more second sets of criteria associated with a second user, determining by the first user device whether at least one of the second sets of criteria are matched, at least in part, to the first set of criteria; and
  
  associating by the first user device the query with the matched at least one of the second sets of criteria used as a public key for encrypting the encrypted data according to an identity-based encryption scheme,wherein the first set of criteria and the at least one of the second sets of criteria include one or more digital right management compliant requirements.
- View Dependent Claims (2, 3, 4, 5, 18, 19, 20)
- - 2. A method of claim 1, further comprising:
    - causing, at least in part, presentation of the matched at least one of the second sets of criteria to the second user,receiving an input, from the second user, for selecting one of the matched at least one of the second sets of criteria;
      
      causing, at least in part, reception by the second user device of the encrypted data, wherein the encrypted data was encrypted by the first user to share with others before the query is transmitted; and
      
      causing, at least in part, decryption by the second user device the encrypted data based, at least in part, on the selected second set of criteria.
  - 3. A method of claim 2, wherein the decryption further comprises:
    - causing, at least in part, transmission by the second user device a request for a decryption key for the selected second set of criteria;
      
      verifying that the second user satisfies the selected one of the second sets of criteria by determining one or more access rights of the second user; and
      
      causing, at least in part, transmission of the decryption key to the second user device in response to the request upon verifying that the second user satisfies the selected one of the second sets of criteria,wherein the decryption is based, at least in part, on the decryption key.
  - 4. A method of claim 1, wherein an information store maintains the set of criteria associated with the first user, the method further comprising:
    - negotiating with the information store to store, publish, keep confidential, or a combination thereof all or some of the first set of criteria.
  - 5. A method of claim 1, further comprising at least one of:
    - formatting the first set of criteria, the second sets of criteria, the query, the encrypted data, or a combination thereof respectively into predetermined information representation structures;
      
      constructing reduced ordered binary decision diagrams from the information representation structures; and
      
      computing a hash identifier corresponding to respective ones of the reduced ordered binary decision diagrams,wherein the first set of criteria, the second sets of criteria, the query, the encrypted data, or a combination thereof are transmitted or received in as at least one of the information representation structure, the reduced ordered binary decision diagram, and the hash identifier.
  - 18. A method of claim 1, further comprising:
    - formatting by the first user device the public key into a predetermined information representation structure;
      
      constructing by the first user device a reduced ordered binary decision diagram from the information representation structure of the public key; and
      
      causing, at last in part by the first user device, storage of the decision diagram of the public key.
  - 19. A method of claim 1, wherein the first set of criteria and the second set of criteria include one or more physical features, one or more personal interests, or a combination thereof, of the first user, the second user, or a combination thereof.
  - 20. A method of claim 5, wherein the one or more digital right management compliant requirements are formatted into one or more portions of predetermined information representation structures and constructed as one or more portions of the reduced ordered binary decision diagrams.

6. An apparatus comprising:
- at least one processor; and
  
  at least one memory including computer program code,the at least one memory and the computer program code configured to, with the at least one processor, cause the apparatus embedded in a first user device to perform at least the following,receive a query from a second user device for encrypted data, the query being associated with a first user, the first user being described according to a first set of criteria;
  
  based, at least in part, on the query and one or more second sets of criteria associated with a second user, determine whether at least one of the second sets of criteria are matched, at least in part, to the first set of criteria; and
  
  set the matched at least one of the second sets of criteria as a public key for encrypting data, associated with the query, according to an identity-based encryption scheme,wherein the first set of criteria and the at least one of the second sets of criteria include one or more digital right management compliant requirements.
- View Dependent Claims (7, 8)
- - 7. An apparatus of claim 6, wherein the apparatus is further caused to:
    - cause, at least in part, presentation of the matched at least one of the second sets of criteria to the second user,receive an input, from the second user, for selecting one of the matched at least one of the second sets of criteria;
      
      cause, at least in part, reception by the second user device of the encrypted data, wherein the encrypted data was encrypted by the first user to share with others before the query is transmitted; and
      
      cause, at least in part, decryption by the second user device the encrypted data based, at least in part, on the selected second set of criteria.
  - 8. An apparatus of claim 7, wherein the apparatus is further caused to:
    - cause, at least in part, transmission by the second user device a request for a decryption key for the selected second set of criteria;
      
      verify that the second user satisfies the selected one of the second sets of criteria by determining one or more access rights of the second user; and
      
      cause, at least in part, transmission of the decryption key to the second user device in response to the request upon verifying that the second user satisfies the selected one of the second sets of criteria,wherein the decryption is based, at least in part, on the decryption key.

9. A method comprising:
- receiving at one or more second user devices a query sent from a first user device as made by a first user for encrypted data, the first user being described according to a first set of criteria;
  
  matching, by the one or more second user devices, one or more second sets of criteria with all or part of the first set of criteria, wherein the matching defines respective second users who are qualified to receive the query, and wherein at least one of the second sets of criteria is matched with all or part of the first set of criteria and was used by a respective second user as a public key for encrypting data to be shared with others, the encrypted data is associated with the respective second user and was encrypted according to an identity-based encryption scheme; and
  
  causing, at least in part, transmission of the at least one of the second sets of criteria to the first user device,wherein the first set of criteria and the at least one of the second sets of criteria include one or more digital right management compliant requirements.
- View Dependent Claims (10, 11, 12, 13)
- - 10. A method of claim 9, wherein the first set of criteria, the second sets of criteria, or a combination thereof include at least one of a user personality feature, a technical capability of the first device, a usage pattern of the first device, an environmental condition in which the first device is used, and context information associated with the first device.
  - 11. A method of claim 9, further comprising:
    - receiving a request, from the first user device, for a decryption key for the matched at least one of the second sets of criteria;
      
      causing, at least in part, verification of whether the first set of criteria substantially describe the first user; and
      
      causing, at least in part, transmission of the decryption key based, at least in part, on the verification.
  - 12. A method of claim 11, wherein the verification comprises at least one of:
    - determining one or more access rights associated with the first user; and
      
      causing, at least in part, comparison of all or part of the first set of criteria against information associated with the first user that is available locally or externally, the information including an online or offline public record, a transaction history, an activity history, a history of visited locations, an interaction history, associated communication content items, associated memberships, or a combination thereof.
  - 13. A method of claim 11, wherein the verification and the transmission are performed by a private key generator, the information store, or a combination thereof.

14. An apparatus comprising:
- at least one processor; and
  
  at least one memory including computer program code,the at least one memory and the computer program code configured to, with the at least one processor, cause the apparatus embedded in one of a plurality of second user devices to perform at least the following,receive a query sent from a first user device as made by a first user for data that is encrypted, the first user being described according to a first set of criteria;
  
  match one or more second sets of criteria with all or part of the first set of criteria, wherein the matching defines respective second users who are qualified to receive the query for data, and wherein at least one of the second sets of criteria is matched with all or part of the first set of criteria and was used by a respective second user as a public key for encrypting data to be shared with others, the encrypted data is associated with the respective second user and was encrypted according to an identity-based encryption scheme; and
  
  cause, at least in part, transmission of the at least one of the second sets of criteria to the first user device,wherein the first set of criteria and the at least one of the second sets of criteria include one or more digital right management compliant requirements.
- View Dependent Claims (15, 16, 17)
- - 15. An apparatus of claim 14, wherein the first set of criteria, the second sets of criteria, or a combination thereof include at least one of a user personality feature, a technical capability of the first device, a usage pattern of the first device, an environmental condition in which the first device is used, and context information associated with the first device.
  - 16. An apparatus of claim 14, wherein the apparatus is further caused to:
    - receive a request, from the first user device, for a decryption key for the matched at least one of the second sets of criteria;
      
      cause, at least in part, verification of whether the first set of criteria substantially describe the first user; and
      
      cause, at least in part, transmission of the decryption key based, at least in part, on the verification.
  - 17. An apparatus of claim 16, wherein in performing verification, the apparatus is further caused to:
    - determine one or more access rights associated with the first user; and
      
      cause, at least in part, comparison of all or part of the first set of criteria against information associated with the first user that is available locally or externally, the information including an online or offline public record, a transaction history, an activity history, a history of visited locations, an interaction history, associated communication content items, associated memberships, or a combination thereof.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nokia Technologies Oy (Nokia Corporation)
Original Assignee
Nokia Corporation
Inventors
Sovio, Sampo Juhani, Luukkala, Vesa-Veikko
Primary Examiner(s)
Najjar, Saleh
Assistant Examiner(s)
Korsak, Oleg

Application Number

US12/730,881
Publication Number

US 20110235799A1
Time in Patent Office

1,868 Days
Field of Search

380/30, 380/44, 380/255, 380/258, 380277-279, 380281-286, 380/178, 380/270, 713/182, 713/150, 713/156, 713/161, 713/165, 713/168, 713/171, 713/175, 713/189, 726/3, 726/27, 726/18, 707/747, 707/E17.014
US Class Current

380/30
CPC Class Codes

G06F 16/951   Indexing; Web crawling tech...

H04L 2209/60   Digital content management,...

H04L 63/0428   wherein the data content is...

H04L 63/0442   wherein the sending and rec...

H04L 63/062   for key distribution, e.g. ...

H04L 9/083   involving central third par...

H04L 9/3073   involving pairings, e.g. id...

Method and apparatus for querying content protected by identity-based encryption

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

18 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Method and apparatus for querying content protected by identity-based encryption

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

18 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others